Worm:Win32/Hilgild!gen.A


Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 1
First Seen: January 15, 2013
Last Seen: May 11, 2020
OS(es) Affected: Windows

Worm:Win32/Hilgild!gen.A is a worm that proliferates via removable drives. Worm:Win32/Hilgild!gen.A drops other files onto the affected PC. When installed, Worm:Win32/Hilgild!gen.A makes system changes by adding malevolent files and modifying the Windows Registry. Worm:Win32/Hilgild!gen.A delivers its copy into the targeted PC with the particular file. Worm:Win32/Hilgild!gen.A creates a registry entry so that its copy loads automatically whenever Windows boots. Worm:Win32/Hilgild!gen.A proliferates by replicating itself to all removable drives in the affected computer, adding its copy with the same file name in the 'Recycler' folder. Worm:Win32/Hilgild!gen.A also writes an Autorun configuration file called 'autorun.inf' that refers to the copy of the worm. If the drive is accessed from a PC that supports the Autorun feature, Worm:Win32/Hilgild!gen.A is run automatically. Worm:Win32/Hilgild!gen.A distributes more malware threats, connects to a remote server, and steals confidential information.
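To triage removable drives for the propagation pattern described above, the following added example (not part of the original entry) parses the text of an 'autorun.inf' file and reports launch entries that point into a 'Recycler' folder. The sample file contents and the file name 'sample.exe' are constructed for illustration.

```python
import ntpath
import re

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section only."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                targets.append((key.strip().lower(), value.strip()))
    return targets

def points_into_recycler(command):
    """True if a folder component of the command path is named 'recycler'."""
    exe = command.strip().strip('"')
    # Normalise slashes and '.'/'..' segments, then compare case-insensitively.
    parts = ntpath.normpath(exe.replace("/", "\\")).lower().split("\\")
    return "recycler" in parts[:-1]                 # folders only, not the file name

def suspicious_entries(inf_text):
    """Launch entries whose target sits inside a Recycler folder."""
    return [(k, v) for k, v in launch_targets(inf_text) if points_into_recycler(v)]

# Constructed sample inputs (not taken from a real infection).
SAMPLE_INF = r"""[AutoRun]
; constructed example
open=RECYCLER\sample.exe
icon=shell32.dll,4
shell\open\command="RECYCLER\sample.exe" -s
[Other]
open=RECYCLER\ignored.exe
"""
BENIGN_INF = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"

if __name__ == "__main__":
    for key, cmd in suspicious_entries(SAMPLE_INF):
        print(f"suspicious autorun entry: {key} -> {cmd}")
```

A hit is a lead for further inspection of the referenced file, not a verdict on its own.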

File System Details

Worm:Win32/Hilgild!gen.A may create the following file(s):
1. G:\recycler\
2. %AppData%\wmimgmt.exe
3. %Temp%\ghi.bat
4. F:\recycler\
5. %Temp%\info.txt

Registry Details

Worm:Win32/Hilgild!gen.A may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wmi32" = "%AppData%\wmimgmt.exe"


